Mitel VoIP Bug Exploited in Ransomware Attacks
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
VoIP is voice communication over IP networks, where exposed services and flawed configurations can enable interception, fraud, or service disruption.
Search across headline titles and summaries.
Background for this topic.
Voice over Internet Protocol (VoIP) carries voice and related communications as IP network traffic, typically separating call signaling—often SIP—from audio or video media—often RTP. It includes internet calling services and enterprise phone systems such as IP-PBXs, session border controllers, handsets, and management portals.
Its security depends on both the VoIP applications and the networks they use. Internet-exposed SIP services and weakly protected accounts can enable unauthorized calling (toll fraud), call-routing changes, or denial-of-service; unencrypted or misconfigured media can expose conversations. Practitioners should restrict and authenticate signaling and administration, patch PBX and session-border software, use TLS and SRTP where supported, segment voice systems, and monitor registrations, call records, and unusual destinations. Vulnerability management must cover phones, servers, web interfaces, and integrations, while logs and call-routing data require appropriate privacy controls.
Weekly headline count for the current query.
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.